VYPR
Vendor

OpenOlat

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2024-28198MedMar 11, 2024
    risk 0.00cvss 4.6epss 0.00

    OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is…

  • CVE-2021-41242HigDec 10, 2021
    risk 0.00cvss 8.1epss 0.01

    OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and…

  • CVE-2021-41152HigOct 18, 2021
    risk 0.00cvss 7.7epss 0.01

    OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to…

  • CVE-2021-39181HigSep 1, 2021
    risk 0.00cvss 8.8epss 0.02

    OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course) any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code…

  • CVE-2021-39180HigAug 31, 2021
    risk 0.00cvss 8.1epss 0.02

    OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the…